Auset Brain

rian-gmail-architecture

2 min read

The Rule

NEVER use Anthropic’s mcp__claude_ai_Gmail proxy for Rian. Tokens expire silently, can’t be refreshed from CLI, and caused March 23 outage. Use Google Workspace CLI (gws) exclusively.

Why: Anthropic proxy tokens expire without warning. GWS CLI uses refresh_tokens that auto-renew. Independence from any third-party proxy.

How to apply: Every Rian email task starts with gws gmail ... commands. If gws auth status shows none, run gws auth login -s gmail,calendar.

Tool: Google Workspace CLI (gws)

  • Binary: /usr/local/bin/gws (installed globally March 23, 2026)
  • Version: 0.18.1+
  • Config dir: ~/.config/gws/
  • Client secret: ~/.config/gws/client_secret.json
  • Credentials: ~/.config/gws/credentials.json (saved after first gws auth login)
  • Source: npm install -g @googleworkspace/cli (github.com/googleworkspace/cli)

OAuth Credentials

  • Client ID: Stored in SSM at /quik-nation/clerk/GOOGLE_OAUTH_CLIENT_ID
  • Client Secret: Stored in SSM at /quik-nation/clerk/GOOGLE_OAUTH_CLIENT_SECRET
  • Project: 135846763036 (Quik Nation GCP)
  • Type: Desktop Application (installed)
  • Scopes needed: gmail.modify, gmail.send, calendar.events

Gmail Accounts Managed

  1. mojaray2k@gmail.com — Personal (job search, bills, personal)
  2. info@quikinfluence.com — Business (QuikInfluence inquiries)

Auth Flow

  1. gws auth login -s gmail,calendar → opens browser
  2. User selects Google account → grants consent
  3. GWS saves refresh_token to ~/.config/gws/credentials.json
  4. Token auto-refreshes on every subsequent call — no re-auth needed
  5. Only re-auth if user revokes or credentials file deleted

History

  • March 20, 2026: Rian created. 23,471 emails cleaned, 200+ job replies sent. Used Anthropic proxy (was working).
  • March 23, 2026: Anthropic proxy expired (needs-auth). GWS CLI setup completed. client_secret.json placed. Pending: first gws auth login browser flow.

For Clara Beta Email Feature

  • Same pattern: user OAuth once → refresh_token stored encrypted per-tenant
  • GWS API (or Google APIs directly) on backend
  • $19/mo add-on
  • Clara writes in user’s voice (code-switches by context)
  • Refresh tokens never expire unless user revokes in Google Account settings

Graph View